Malware

Mobile Malware Mines Digital Currency

A new strain of mobile malware has recently been discovered by security researchers that uses the device to mine for digital currencies. The trojan, discovered by research company Lookout Software, is designed to scrape digital currencies such as bit coins and return them to the developer. The malware specifically targets Android phones, as most modern mobile malware does – see Android and Java: Top Targets for Malware and Compromise in 2013.

The security researchers identified that this trojan horse has been responsible for infecting many thousands of devices over the past month and utilising them to scrape digital currencies. Lookout Software identified that the malware had propagated via a number of forums that specialise in the distribution of pirate software. The forums are primarily Spanish based and are often a prime target for malware distributors to utilise.

After identifying the trojan, security researchers installed the malicious code onto their Android smart phones and watched as the malware spent hours hunting for digital currencies, draining the devices battery rapidly in the process. The malware is designed to harness the devices processing power to gain digital currencies such as bitcoin and litecoin. The digital currencies utilise this processing power to drive their currency network and, by supplying processing power, the attackers can receive money in return. The malware is distributed at a large scale and pays relatively small amounts of cash for processing power.

If distributed effectively and for long periods of time, the malware would be able to harness cash in exchange for resources. However, reports from Lookout Software suggest that the current take is relatively small for the criminals effort as mobile devices have limited processing power. Further malware analysis has shown that this piece of malware is relatively unsophisticated and only used to mine when the app is executed.

Mining in exchange for digital currency is not a new process – years ago, users were able to provide processing power in exchange for bitcoins. However, as this took off and interest in bitcoins increased, it has become a lot tougher to gain the digital currency – so much so that days of processing power can only result in small amounts of bitcoins. Even mining for smaller, less popular versions of digital currencies has taken off – meaning that you get a lot less money for your processing power.

This is the main reason that this particular piece of malware is unsophisticated and will never really earn the cyber criminals much money. Processing power from high spec personal machines will provide very small returns – so mobile devices are likely to earn significantly less. It is estimated that a typical mobile device, such as a Nexus 4, could calculate roughly 8 thousand times per second. At this rate, the mobile device would earn 0.01 litecoins after extended periods of time – even days. This is the equivalent of 20 cents – for days of processing power.

The malware is targeted at several digital currency times, including dogecoin and litecoin, and has been nicknamed “Coinkrypt”. Infection of this malicious code would be noticeable by the user as the device will tend to slow down, get hot and drain battery – similar properties to that of malicious code running on any desktop machine. It is recommended that users avoid piracy sites and downloading any files from untrusted sources.